[57] ABSTRACT

A circuit for generating a sequence of pseudo random numbers, {A_k}. There is an exponentiator (30') in GF(2^m) for the normal basis representation of elements in a finite field GF(2^m) each represented by m binary digits and having two inputs and an output from which the sequence {A_k} of pseudo random numbers is taken. One of the two inputs is connected to receive the outputs {E_k} of a maximal length shift register of n stages. There is a switch (32) having a pair of inputs and an output. The switch (32) output is connected to the other of the two inputs of the exponentiator (30'). One of the switch (32) inputs is connected for initially receiving a primitive element A_0 in GF(2^m). Finally, there is a delay circuit (34) having an input and an output. The delay circuit (34) output is connected to the other of the switch (32) inputs and the delay circuit (34) input is connected to the output of the exponentiator (30') whereby after the exponentiator (30') initially receives the primitive element A_0 in GF(2^m) through the switch (32), the switch (32) can be switched to cause the exponentiator (30') to receive as its input a delayed output A_{k-1} from the exponentiator (30') thereby generating {A_k} continuously at the output of the exponentiator (30'). The exponentiator (30') in GF(2^m) is novel and comprises a cyclic-shift circuit; a Massey-Omura multiplier; and, a control logic circuit all operably connected together to perform the function U_i = α^{2^i} (for n_i = 1) or 1 (for n_i = 0).


5 Claims, 4 Drawing Sheets 
LONG PERIOD PSEUDO RANDOM NUMBER
SEQUENCE GENERATOR 

ORIGIN OF THE INVENTION 

The invention described herein was made in the performance of work under a NASA contract and is subject to the provisions of Public Law 96-517 (35 USC 202) in which the Contractor has elected not to retain title.

1. Technical Field

The present invention relates to cryptography and, more particularly, to a circuit for generating a sequence of pseudo random numbers, {A_k}, having a long period comprising, an exponentiator in GF(2^m) for the normal basis representation of elements in a finite field GF(2^m) each represented by m binary digits and having two inputs and an output from which the sequence {A_k} of pseudo random numbers is taken, one of the two inputs being connected to receive the outputs {E_k} of a maximal length shift register of n stages; a switch having a pair of inputs and an output, the switch output being connected to the other of the two inputs of the exponentiator, one of the switch inputs being connected for initially receiving a primitive element A_0 in GF(2^m); and, a delay circuit having an input and an output, the delay circuit output being connected to the other of the switch inputs, the delay circuit input being connected to the output of the exponentiator whereby after the exponentiator initially receives the primitive element A_0 in GF(2^m) through the switch the switch can be switched to cause the exponentiator to thereafter receive as its input a delayed output A_{k-1} from the exponentiator thereby generating {A_k} continuously at the output of the exponentiator.

In the preferred embodiment, the exponentiator in GF(2^m) comprises, a cyclic-shift circuit; a Massey-Omura multiplier; and, a control logic circuit all operably connected together to perform the function U_i = α^{2^i} (for n_i = 1) or 1 (for n_i = 0).

2. Prior Art and Technical References

The following provide further information on the subject matter of the present invention and/or techniques and apparatus incorporated therein.

1. J. L. Massey and J. K. Omura, Patent Application on “Computational Method and Apparatus for Finite Field Arithmetic”, now U.S. Letters Pat. No. 4,587,627.

2. C. C. Wang, et al., “VLSI Architectures for Computing Multiplications and Inverses in GF(2^m)”, IEEE Transactions on Computers, Vol. C-34, No. 8, August 1985.

3. R. C. Dixon, Spread Spectrum Systems, John Wiley & Sons, Inc., 1932.

4. F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting Codes, North-Holland Publishing, New York, 1977.

5. M. Perlman, “Periodic Binary Sequence Generators: Very Large Scale Integrated (VLSI) Circuits Considerations”, Jet Propulsion Laboratory (JPL) Publications 85-7, December, 1984.

DESCRIPTION OF THE PRIOR ART 

The field of cryptography has undergone a step increase in its requirements for producing “unbreakable” code since the inception of the digital computer. When coded messages only existed and were transmitted in analog form (i.e. the written “word”) as represented by FIGS. 1 and 2, the production of a code which was difficult to break was fairly easy and the breaking of the code of others was a laborious and time-consuming task as the work had to be done by human mental labor. For example, one could make a code table 10 as shown in FIG. 1 wherein a symbol is substituted for each letter of the normal alphabet, e.g., A becomes &. Messages written with the substituted alphabet are easily deciphered only with the help of a corresponding code table 10 in the hands of the receiver. Thus, only with a code table 10 can the receiver of the message “@&#%” understand it to be the word “FACE” as shown in FIG. 2. To break the code, one must use trial and error substitutions trying to find substitutions which make sense. Certain knowledge about common combinations makes the process easier; but, it is still laborious at best.

With the advent of the digital computer with the ability to perform masses of combinations and permutations of trial and error data in a matter of seconds, mere substitution codes become relatively worthless. Additionally, the electronic transmission of data added to the problem. While the written analog cryptographer could devise his own symbols for substitution, the electronic cryptographer is faced with the use of “standard” binary electronic substitutions for the alphabetic (and associated) characters. Even the original Morse code employed with telegraph transmissions is a form of a binary code with fixed substitutions. For example, a “dash” can be thought of as a binary “1” while a “dot” is a binary “0”. Thus, the letter G (i.e. Morse code dash, dash, dot) can be thought of as binary 110. Most digital devices associated with computers employ fixed numerical representations (such as so-called “ASCII”) for the characters as input, transmitted, and printed. Thus, as represented by the drawing of FIGS. 3 and 4, the letter “A”, for example, is represented by the number “01” (i.e. the eight bit binary byte 00000001) and the message “FACE” of FIG. 2 becomes “06010305” (in binary bytes) when transmitted within a binary system.

Faced with this problem, cryptographers (where the term “cryptographer” includes persons who develop methods for securing data and programs within the digital computers themselves) found that an effective method of encrypting data, programs, and messages was to add a pseudo random number sequence thereto on the transmitting end and to subtract the same pseudo random number sequence therefrom on the receiving end as shown in FIG. 5. Since there is no constant substitution factor, the trial and error method of code breaking is ineffective, even at computer speeds.

The generation of a periodic sequence of pseudo random numbers finds use in a number of applications such as spread spectrum communications and cryptographic systems as well as in other signal processing applications such as noise generation, ranging code generation, and test data sequence generation. The pseudo random number sequence addition/subtraction technique has been applied to varying levels of security requirements from the simple prevention of unauthorized disclosure of valuable coding within otherwise accessible computer programs and data to the encryption of data highly sensitive to the national security. The differentiating factor, in each case, is the complexity of the generator for the pseudo random number sequence. The shorter the period of the sequence (i.e. the number of pseudo random numbers in the sequence before the sequence begins to repeat), the less costly the generator and the more regular (i.e. less random) the resultant sequence. As can be appreciated in this regard when considered in the ridiculous extreme, a pseudo random sequence of 02, 05, 03, 02, 05, 03, . . . would approach the adding of a constant to any data and would be fairly easily recognized whereas a sequence with an infinite period (e.g. which never repeated) would be virtually impossible to recognize.

The typical prior art approach to the generation of a pseudo random number sequence is shown in simplified form in FIG. 6. A modular multiple-tap sequence generator as developed is described in reference 3 and has been considered in the art as a very powerful and simple pseudo random number generator. A VLSI circuit for that generator has also been developed and is reported in reference 5. In general, there is an n-position shift register 12. An initial value is loaded into the register 12 over the input line 14. The value is then shifted through the register 12 by one position for each pseudo random number to be generated. The register 12 is a wrap-around register in that the bit being shifted out at the output end 16 is shifted into the input end 18 via the feedback or wraparound line 20. The pseudo random number sequence is taken out from a number of taps 22 into the register 12 since the number of positions “n” of the register 12 is typically much larger than the number of bits in each “number” of the sequence.

The period of the pseudo random number sequence produced by the prior art apparatus of FIG. 6 is determined by the number of positions “n” of the register 12. Since an initialization value of “zero” is never employed (for obvious reasons), the period is equal to the quantity 2^n - 1 and is known as the “maximal length” achievable by this approach. By way of example, the period of a 17-stage maximal length shift register operating in the prior art manner of FIG. 6 is 131,071. To get a larger period, more positions must be added to the register 12 and the increase is not substantial. For example, the period of a 19-stage maximal length shift register is only 449,113. This may seem substantial; however, it is small in circumstances of extreme criticality where an infinite period would be more desirable and beneficial.

DISCLOSURE OF THE INVENTION

This invention is primarily directed at a method and apparatus for generating a random number sequence whose period is longer than 2^n - 1 when n shift registers are used. It incorporates a simple VLSI implementable device to perform exponentiation in GF(2^m) by using a Massey-Omura multiplier and is capable of generating a very long pseudo random sequence when 2^m - 1 is a Mersenne prime. While the sequence generated by the present invention may not have a flat spectrum as does the sequence generated by the prior art maximal length shift register as described earlier herein, the increase of the period is very significant and makes its sequence very desirable in some applications wherein period length is of paramount importance.

DETAILED DESCRIPTION OF THE DRAWINGS

FIG. 1 is a substitution table as used in the prior art for encrypting written messages.

FIG. 2 is an example of an encrypted message using the table of FIG. 1.

FIG. 3 is a table showing how numbers are employed to represent characters in the electronic input, transmission, and printing of characters.

FIG. 4 is an example of the numeric representation of the message of FIG. 2 employing the numeric substitutions of the table of FIG. 3.

FIG. 5 is a block diagram showing a prior art technique employed in the protection and encrypting of data represented numerically wherein a pseudo random number sequence is added to the data for transmission or storage and then subtracted out for use.

FIG. 6 is a block diagram of a prior art maximal length shift register employed for generating pseudo random number sequences.

FIG. 7 is a simplified representation of a finite field containing points identifiable in a co-ordinate system.

FIG. 8 is a simplified diagram of a cyclic-shift circuit for achieving α^{2^i} by operating on the normal basis representation of α^{2^{i-1}}.

FIG. 9 is a flow chart of the method of the present invention for realizing the exponentiation in GF(2^m) by using a cyclic-shift circuit, a Massey-Omura multiplier, and a control logic circuit performing the function U_i = α^{2^i} (for n_i = 1) or 1 (for n_i = 0).

FIG. 10 is a VLSI implementable circuit according to the present invention for performing the recursive algorithm for computing exponentiation in GF(2^4).

FIG. 11 is a block diagram of the system structure of the circuitry of FIG. 10 for a general field GF(2^m).

FIG. 12 is a block diagram of a mechanism according to the present invention which can generate pseudo random numbers, A_k.

DETAILED DESCRIPTION OF THE INVENTION

With reference to FIG. 7 as a starting point, assume that there is a field 24 containing a number of points 26 designated as P_1, P_2, . . . P_n. The field and the points therein can be described with respect to any of a number of coordinate systems such as that indicated as 28. One such representation system well known in the prior art is the “normal basis” system.

Recently, Massey and Omura [as described in reference 1] invented a new algorithm to multiply in the finite field GF(2^m). In their invention, they utilize a normal basis of the form α, α^2, α^4, . . . , α^{2^{m-1}} to represent elements of the field. Employing a normal basis representation, each element in the finite field GF(2^m) can be represented by m binary digits. Also, in employing a normal basis representation, squaring of an element in GF(2^m) is readily shown to be a simple cyclic shift of its binary digits [as described in references 1 and 2]. Also, multiplication requires the same logic circuitry for any one digit of the product as it does for any other [as also described in references 1 and 2]. Adjacent product digit circuits differ only in their inputs, which are cyclically shifted versions of one another. In reference 2, the inventor herein and others presented a VLSI architecture to implement this Massey-Omura multiplier in GF(2^m). Both sequential-type and parallel-type Massey-Omura multipliers have been illustrated. They are shown to be simple and regular. A VLSI architecture for computing inverses in GF(2^m) was also developed in reference 2 by using a parallel-type Massey-Omura multiplier.

Exponentiation in the finite field GF(2^m) is necessary in the implementation of some error-correcting coders, such as Reed-Solomon codes. The conventional method for computing exponents in a finite field uses a lookup table. This method cannot be realized efficiently in a VLSI circuit. As will be described herein shortly, the inventor herein has devised a recursive pipeline exponentiation circuit using a Massey-Omura multiplier. The architecture of that circuit is similar to that of the inversion circuit mentioned above, is regular and expandable, and, hence, naturally suitable for VLSI implementation.

For an arbitrary α in the finite field GF(2^m) and an integer N, (where 1 ≤ N ≤ 2^m - 1), and β = α^N, clearly, β is in GF(2^m). When N is represented in binary form as (n_0, n_1, n_2, . . . n_{m-1}), it can be proved mathematically (proof omitted in the interest of simplicity and the avoidance of redundancy) that exponentiation in the finite field GF(2^m) can be accomplished by successive multiplication. From the teachings of references 1 and 2 it is known that, in normal basis, α^{2^i} can be achieved by a cyclic-shift circuit as shown in FIG. 8 operating on the normal basis representation of α^{2^{i-1}}. The exponentiation in GF(2^m) can, therefore, be realized by using a cyclic-shift circuit, a Massey-Omura multiplier, and a control logic circuit performing the function U_i = α^{2^i} (for n_i = 1) or 1 (for n_i = 0). The algorithm of this structure is shown in FIG. 9 and can be described as follows:

(i) Let A = α
    If n_0 = 1, let B = A
    Otherwise, let B = 1
    Let C = 1 and k = 0

(ii) Multiply B and C to obtain Z = B·C
    Set k = k + 1

(iii) Replace A with the cyclic shift (CS) of A
    If k = m, Z = α^N, Stop
    If k < m, C = Z and B = A if n_k = 1,
    Otherwise B = 1

(iv) Go back to step (ii)
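Steps (i) to (iv) can be traced in software. The following Python model is an added example, not code from the patent: it works in GF(2^4) with an assumed field polynomial x^4 + x + 1, finds a normal basis by search, and uses a functional multiplier in place of the Massey-Omura logic (the names `pmul`, `nb_mul`, `cyclic_shift` and `exponentiate` are hypothetical).

```python
# Added example: software model of steps (i)-(iv); not the patent's circuit.
M = 4
POLY = 0b10011            # x^4 + x + 1 (assumed; the patent names no polynomial)
MASK = (1 << M) - 1


def pmul(a, b):
    """Reference multiply in GF(2^M), polynomial basis."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M:
            a ^= POLY
    return r


def conjugates(g):
    """[g, g^2, g^4, ..., g^(2^(M-1))] as polynomial-basis values."""
    out = [g]
    for _ in range(M - 1):
        out.append(pmul(out[-1], out[-1]))
    return out


def coordinates(basis):
    """Map each value in the span of `basis` to its coordinate word.

    Bit i of the word is the coefficient of basis[i]."""
    table = {}
    for word in range(1 << M):
        v = 0
        for i in range(M):
            if (word >> i) & 1:
                v ^= basis[i]
        table[v] = word
    return table


# A normal basis is a conjugate set that spans the whole field.
BASIS = next(c for c in map(conjugates, range(2, 1 << M))
             if len(coordinates(c)) == (1 << M))
TO_NB = coordinates(BASIS)                    # polynomial -> normal basis
TO_PB = {nb: pb for pb, nb in TO_NB.items()}  # normal -> polynomial basis
ONE = TO_NB[1]                                # the field element 1


def cyclic_shift(a):
    """Square a normal-basis element: rotate its M digits by one place."""
    return ((a << 1) | (a >> (M - 1))) & MASK


def nb_mul(a, b):
    """Functional stand-in for the Massey-Omura multiplier."""
    return TO_NB[pmul(TO_PB[a], TO_PB[b])]


def exponentiate(alpha, N):
    """alpha^N for 1 <= N <= 2^M - 1, alpha in normal-basis coordinates."""
    n = [(N >> i) & 1 for i in range(M)]   # n_0 ... n_{m-1}
    A = alpha                              # step (i)
    B = A if n[0] else ONE
    C, k = ONE, 0
    while True:
        Z = nb_mul(B, C)                   # step (ii)
        k += 1
        A = cyclic_shift(A)                # step (iii)
        if k == M:
            return Z
        C = Z
        B = A if n[k] else ONE             # step (iv): back to (ii)
```

The loop performs exactly m multiplications, and the only squaring it needs is the digit rotation in `cyclic_shift`.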

This recursive algorithm for computing exponentiation in GF(2^4) can be realized by the circuit 30 shown in FIG. 10. In the circuit of FIG. 10, a parallel-type Massey-Omura multiplier of GF(2^4) is utilized. The architecture is somewhat similar to that shown in FIG. 9 of reference 2 as used for computing the inverses in GF(2^4); but, it has an additional input for the exponent N and only one control signal, Ld. By way of illustration of its operation, let the exponent N be represented by (n_3, n_2, n_1, n_0) such that N is equal to the sum from i=0 to 4 of n_i 2^i, where n_i = 0 or 1. If one follows the progress of the computation, it will be found that at the end of the third clock cycle, the complementary values of a_1, a_2, and a_3 are stored in the input buffer flip-flops B_1, B_2, and B_3, respectively. During the fourth clock cycle, Ld = 1. Then the complementary values of a_0, a_1, a_2, and a_3 are simultaneously shifted into R_1, R_2, R_3, and R_4, respectively. At the same moment, buffer flip-flops B_7, B_8, B_9, and B_10 are fed with the values of n_3, n_2, n_1, and n_0, respectively, and registers R_5, R_6, R_7, and R_8 are also fed with the values “0”. Notice that, actually, the complementary representation of α and 1 are entering the buffers R for multiplication. This is due to the fact that the “AND” function required in the Massey-Omura multiplier developed in reference 2 is achieved by using an “OR” function operating on the complements of multiplicand and multiplier.

A parallel-type GF(2^4) Massey-Omura multiplier simultaneously yields four product components d_0, d_1, d_2, and d_3. Therefore, during the next four clock cycles, while n_i (i = 0, 1, 2, 3) controls the entering of either α^{2^i} or 1 to the multiplier, four successive multiplications are performed for the exponentiation. When the fourth multiplication is completed, Ld = 1. Thus, the first digit, b_3, of the normal basis representation of α^N is shifted out of the circuit. At the same time, the other three digits, b_0, b_1, and b_2, of α^N are fed into the output buffer flip-flops B_4, B_5, and B_6, respectively. These are sequentially shifted out of the circuitry during the next three clock cycles.

The above-described method of computing exponentiation in GF(2^4) takes four clock cycles. During these four clock cycles, the circuit of FIG. 10 allows the bits of the next element (following α) to be fed into it and the bits of the previous element to be shifted out of it, simultaneously. The circuit, therefore, provides a full pipeline capability so that the same operation can be performed continuously. As mentioned earlier, the pipelined exponentiation circuitry for GF(2^4) of FIG. 10 is well-suited for VLSI implementation. The system structure of this circuitry 30' for a general field GF(2^m) is shown in FIG. 11.

The use of exponentiation in a finite field GF(2^m) to simply and easily generate a pseudo random number sequence having a period which is orders of magnitude longer than that possible with the prior art maximal length shift register approach will now be described.

First, if E_1, E_2, E_3, . . . is a sequence of integers generated by a maximal length shift register of n stages, it is well known that E_i is in the set S = {1, 2, 3, . . . , 2^n - 1}; and, that the sequence E_k, where k = 1, 2, 3, . . . , is a periodic sequence with period 2^n - 1. Furthermore, the subsequence of E_i within one period is a permutation of elements in S.

Now, by way of background and introduction, if A_0 is a primitive element in GF(2^m), where m = n (the “n” specified in the previous paragraph), then, 2^m - 1 is the smallest positive integer L, the so-called order of A_0, such that A_0^L = 1. Hence, for any two distinct numbers E_i, E_j (i, j ≤ 2^n - 1) in the sequence {E_k}, A_0^{E_i} ≠ A_0^{E_j}. If A_k = A_0^{E_k}, then {A_k} is a periodic sequence of elements in GF(2^m) with the same period as the sequence {E_k}, 2^n - 1. Although {A_k} is a collection of elements in GF(2^m), the representation of every A_k in some basis of GF(2^m) presents a binary representation of an integer in [1, 2^m - 1]. Therefore, the sequence of {A_k} can be regarded as a periodic sequence of positive integers. By generating the sequence {A_k} as described above, however, one cannot increase the periodicity of the sequence {E_k}. The manner in which this approach can be employed to increase the periodicity of the resultant sequence will now be described.

A random number sequence {A_k} can be generated by letting A_k = A_{k-1}^{E_k}. Putting it differently, {A_k} can be expressed as:

$$
\begin{aligned}
A_1 &= A_0^{E_1} \\
A_2 &= A_1^{E_2} = A_0^{E_1 E_2} \\
&\;\;\vdots \\
A_j &= A_{j-1}^{E_j} = A_0^{E_1 E_2 E_3 \cdots E_j} = A_0^{\left(\prod_{i=1}^{j} E_i\right) \bmod (2^m - 1)} \\
&\;\;\vdots \\
A_{2^n-1} &= A_{2^n-2}^{E_{2^n-1}} = A_0^{P}
\end{aligned}
\qquad (1)
$$

where P = (2^n - 1)! mod (2^m - 1).

In the interest of simplicity and the avoidance of redundancy, it will be taken as true that the following can be mathematically proved:

If the sequence {A_k} is periodic, n < m. (2)

If A_0 is a primitive element in GF(2^m) with 2^m - 1 a Mersenne prime, then {A_k} is a periodic sequence with period of (2^n - 1)r, where r is the smallest positive integer such that P^r = 1 mod (2^m - 1). (3)

From (3), the algorithm given in (1) as to using exponentiation in the finite field GF(2^m) with 2^m - 1 being a Mersenne prime has been proved to be able to generate a pseudo random number sequence with period (2^n - 1)r. This period is, in general, much greater than the period of a maximal length sequence for the same n-stage shift register. FIG. 12 shows a mechanism which can generate such pseudo random numbers, A_k, in simplified block diagram form. The circuitry consists of an exponentiator 30' in GF(2^m) as developed above herein. One of the two inputs to the exponentiator 30' is the outputs {E_k} of a maximal length shift register of n stages (not shown) according to the prior art as described above. The other input is initially fed by a primitive element A_0 in GF(2^m) and then switched by means of switch 32 to the delayed output A_{k-1} from the exponentiator 30' through delay circuit 34. It can be seen and appreciated that the pipeline structure of the exponentiator 30 as described above is necessary in order to generate A_k continuously.

It is worthy of note at this time by way of comparison that with m=19 and n=17 the period of 131,071 of a prior art maximal length shift register of 17 stages is increased by 262,143 times to a period of 3,435,934,513 with the pseudo random number generator according to the present invention as shown in FIG. 12. In fairness, it should be pointed out that the pseudo random number sequence generated by maximal length shift registers has good autocorrelation properties and some other periodicity properties which do not exist for the sequence {A_k} described herein as produced by the present invention. For applications in cryptography, for example, these properties are not important and the vast gain in period length more than compensates for the losses in these properties.
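The period statement (3) can be checked by brute force on small parameters. The following Python sketch is an added example, not part of the patent: it tracks the exponent e_k in A_k = A_0^{e_k} rather than field elements, takes E_k to be the full register state, and uses assumed feedback taps for the 3-stage and 5-stage registers (all function names are hypothetical).

```python
# Added example: period check for A_k = A_{k-1}^{E_k}; not the patent's circuit.
from math import factorial

TAPS = {3: (2, 1), 5: (4, 2)}   # assumed maximal-length feedback taps (bit indices)


def lfsr(n, seed=1):
    """Yield E_1, E_2, ...: successive states of an n-stage shift register."""
    s, mask = seed, (1 << n) - 1
    while True:
        yield s
        fb = 0
        for t in TAPS[n]:
            fb ^= (s >> t) & 1
        s = ((s << 1) | fb) & mask


def lfsr_period(n):
    """Number of steps before the register state repeats."""
    src = lfsr(n)
    first = next(src)
    count = 1
    while next(src) != first:
        count += 1
    return count


def minimal_period(seq):
    """Smallest T with seq[i] == seq[i+T], for seq given over one full cycle."""
    L = len(seq)
    for T in range(1, L + 1):
        if L % T == 0 and all(seq[i] == seq[(i + T) % L] for i in range(L)):
            return T


def feedback_exponents(n, m):
    """e_k = e_{k-1} * E_k mod (2^m - 1) over one cycle of the joint state.

    Because A_0 is primitive, A_k = A_0^(e_k) repeats exactly when e_k does.
    Requires 2^m - 1 prime and n < m, as in statements (2) and (3)."""
    q = (1 << m) - 1
    src = lfsr(n)
    s = next(src)
    e = s % q
    start, out = (s, e), []
    while True:
        out.append(e)
        s = next(src)
        e = e * s % q
        if (s, e) == start:
            return out


def predicted_period(n, m):
    """(2^n - 1) * r, with r the order of P = (2^n - 1)! mod (2^m - 1)."""
    q = (1 << m) - 1
    P = factorial((1 << n) - 1) % q
    r, x = 1, P
    while x != 1:
        x = x * P % q
        r += 1
    return ((1 << n) - 1) * r


def measured_period(n, m):
    """Period of {A_k} found by running the recurrence."""
    return minimal_period(feedback_exponents(n, m))
```

For n = 3 and m = 5 both `measured_period` and `predicted_period` return 105, against a period of 7 for the shift register alone. Only period length is checked here; the example does not measure how predictable the outputs are.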

Wherefore having thus described the present invention, what is claimed is:

1. A circuit for generating a sequence of pseudo random numbers, {A_k}, comprising:

(a) an exponentiator in GF(2^m) for the normal basis representation of elements in a finite field GF(2^m) each represented by m binary digits and having two inputs and an output from which the sequence {A_k} of pseudo random numbers is taken, one of said two inputs being connected to receive the outputs {E_k} of a maximal length shift register of n stages;

(b) a switch having a pair of inputs and an output, said output of said switch being connected to the other of said two inputs of said exponentiator, one of said inputs of said switch being connected for initially receiving a primitive element A_0 in GF(2^m); and

(c) a delay circuit having an input and an output, said output of said delay circuit being connected to the other of said switch inputs, said input of said delay circuit being connected to said output of said exponentiator whereby after said exponentiator initially receives said primitive element A_0 in GF(2^m) through said switch, said switch is switched to make said exponentiator receive as an input thereto a delayed output A_{k-1} from said exponentiator thereby generating {A_k} continuously at said output of said exponentiator.

2. The circuit for generating a sequence of pseudo random numbers, {A_k}, of claim 1 wherein said exponentiator in GF(2^m) comprises:

(a) a cyclic-shift circuit;

(b) a Massey-Omura multiplier; and

(c) a control logic circuit connected to said cyclic-shift circuit and said Massey-Omura multiplier to perform the function U_i = α^{2^i} (for n_i = 1) or 1 (for n_i = 0), where i is an integer greater than zero.

3. A method of generating a sequence of pseudo random numbers, {A_k}, comprising the steps of:

(a) providing an exponentiator in GF(2^m) for the normal basis representation of elements in a finite field GF(2^m) each represented by m binary digits and having two inputs and an output from which the sequence {A_k} of pseudo random numbers is taken;

(b) connecting one of the two inputs to receive the outputs {E_k} of a maximal length shift register of n stages;

(c) providing a switch having a pair of inputs and an output;

(d) connecting the output of the switch to the other of the two inputs of the exponentiator;

(e) connecting one of the inputs of the switch to a source of a primitive element A_0 in GF(2^m);

(f) providing a delay circuit having an input and an output;

(g) connecting the output of the delay circuit to the other of the switch inputs;

(h) connecting the input of the delay circuit to the output of the exponentiator;

(i) initially positioning the switch to receive the primitive element A_0 in GF(2^m); and

(j) thereafter positioning the switch to make the exponentiator receive as an input thereto a delayed output A_{k-1} from the exponentiator thereby generating {A_k} continuously at the output of the exponentiator.

4. The method for generating a sequence of pseudo random numbers, {A_k}, of claim 3 wherein:

the exponentiator in GF(2^m) performs the function U_i = α^{2^i} (for n_i = 1) or 1 (for n_i = 0), where i is an integer greater than zero.

5. The method for generating a sequence of pseudo random numbers, {A_k}, of claim 4 and additionally including the recursive steps of:

(a) letting A = α (a point in the finite field GF(2^m));

(b) if n_0 = 1, letting B = A otherwise, letting B = 1;

(c) letting C = 1 and k = 0;

(d) multiplying B and C to obtain Z = BC;

(e) setting k = k + 1;

(f) replacing A with the cyclic shift (CS) of A;

(g) if k = m, Z = α^N, (where 1 ≤ N ≤ 2^m - 1) stopping;

(h) if k < m, setting C = Z; and, setting B = A if n_k = 1, otherwise setting B = 1;

(i) going back to step (d).